Windows 7 / applications repeatedly stop responding
  • Windows 7 / applications repeatedly stop responding

    I have a laptop here with Windows 7 Home Premium.
    The problem is that, since recently, random programs suddenly stop responding and it takes a very long time before anything happens again. No heavy processes are visible in Task Manager. The problem also occurs when only one application has been started (e.g. Excel).

    I followed the steps in the thread: !!! IMPORTANT !!!: Read this post before you post a message!

    Below are the actions/reports:

    Step 1: Disabled emulation software
    Step 2: Scanned for malware with Malwarebytes Anti-Malware
    Step 3: Created a DDS log file
    Step 4: Scanned for rootkits with GMER

    Contents of the Malwarebytes Anti-Malware log file:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.05.12.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16897
    hodi :: HODI-PC [administrator]

    12-5-2014 22:28:23
    mbam-log-2014-05-12 (22-28-23).txt

    Scan type: Volledige scan (C:\|D:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 454072
    Verstreken tijd: 2 uur/uren, 7 minuut/minuten, 5 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B} (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> Data: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 2
    C:\Users\hodi\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\AppData\Roaming\OpenCandy\DE3A5A38E17844E393072E80DFD3A26E (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 6
    C:\ProgramData\continuetosave\uninstall.exe (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\Documents\Erik\Sony Vegas Pro 10\Sony Vegas 10 32-bit\Keygen.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\Documents\Erik\Sony Vegas Pro 10\Sony Vegas 10 32-bit\Patch.exe (RiskWare.Tool.HCK) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\Documents\Erik\Sony Vegas Pro 10\Sony Vegas 10 32-bit\SV10_32_Keygen+Patch.rar (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\Documents\Erik\Sony Vegas Pro 10\Sony Vegas 10 64-bit\SV10_64_Keygen+Patch.rar (RiskWare.Tool.HCK) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\hodi\AppData\Roaming\OpenCandy\DE3A5A38E17844E393072E80DFD3A26E\TuneUpUtilities2013-2200335_nl-NL.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    ---------------------------

    DDS log file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16866 BrowserJavaVersion: 10.55.2
    Run by hodi at 1:04:04 on 2014-05-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2996.1999 [GMT 2:00]
    .
    AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Antivirus Pro 2013 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Personal Firewall 2013 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Firewall\PSHOST.EXE
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
    C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
    C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Users\hodi\AppData\Local\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\RunDll32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.nl/
    uDefault_Page_URL = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: continuetosave: {DE16BFF5-C6F8-4717-2341-1A92FE7A8674} - C:\ProgramData\continuetosave\50f30a0685eab.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
    mRun: [ConnectionCenter] "C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
    TCP: NameServer = 195.130.131.3 195.130.130.131
    TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\055666471637475627960234F637D6F64756 : DHCPNameServer = 192.168.123.254
    TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\350756564645F6573686144423648343 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D} : DHCPNameServer = 195.130.130.130 195.130.131.130
    TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\1357E6461302D4F62696C6560275C414E4D225F657475627F5935323246313 : DHCPNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\4505F494A584E41477966696 : DHCPNameServer = 10.128.128.128
    TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\46967716E6560227563656074796F6E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1} : DHCPNameServer = 195.130.131.3 195.130.130.131
    TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\0556E63796F6E634C616A65737 : DHCPNameServer = 82.144.41.8 82.145.9.8
    TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\14478656E63702449616D6F6E6460205C65737 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\1607642333 : DHCPNameServer = 10.0.0.138
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\contin~1\sprote~1.dll c:\progra~2\softqu~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: avldr - avldr64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\hodi\AppData\Roaming\Mozilla\Firefox\Profiles\ivcv2jle.default-1399195222856\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL -
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npctxcao.dll
    FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npctxcao.dll
    FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AmUStor;AM USB Stroage Driver
    R? athrusb;Atheros Wireless LAN USB device driver
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? hcwhdpvr;Hauppauge HD PVR Capture Device
    R? KovaPlusFltr;ROCCAT Kova[+] Mouse
    R? LVRS64;Logitech RightSound Filter Driver
    R? LVUVC64;Logitech HD Pro Webcam C920(UVC)
    R? MWLService;MyWinLocker Service
    R? NTIBackupSvc;NTI Backup Now 5 Backup Service
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter
    R? SkypeUpdate;Skype Updater
    R? SwitchBoard;SwitchBoard
    R? TsUsbFlt;TsUsbFlt
    R? USBAAPL64;Apple Mobile USB Driver
    R? WatAdminSvc;Windows Activation Technologies-service
    S? AMD External Events Utility;AMD External Events Utility
    S? AmFSM;AmFSM
    S? APPFLT;App Filter Plugin
    S? AtiHDAudioService;ATI Function Driver for HD Audio Service
    S? ctxusbm;Citrix USB Monitor Driver
    S? DSAFLT;DSA Filter Plugin
    S? DsiWMIService;Dritek WMI Service
    S? ePowerSvc;Acer ePower Service
    S? FNETMON;NetMon Filter Plugin
    S? GREGService;GREGService
    S? HECIx64;Intel(R) Management Engine Interface
    S? IDSFLT;Ids Filter Plugin
    S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
    S? mwlPSDFilter;mwlPSDFilter
    S? mwlPSDNServ;mwlPSDNServ
    S? mwlPSDVDisk;mwlPSDVDisk
    S? NETFLTDI;Panda Net Driver [TDI Layer]
    S? NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44
    S? NTI IScheduleSvc;NTI IScheduleSvc
    S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
    S? Panda Software Controller;Panda Software Controller
    S? pavboot;Panda boot driver
    S? PAVFNSVR;Panda Function Service
    S? PavPrSrv;Panda Process Protection Service
    S? PAVSRV;Panda On-Access Anti-Malware Service
    S? PavTPK.sys;PavTPK.sys
    S? PMBDeviceInfoProvider;PMBDeviceInfoProvider
    S? Prot6Flt;Prot6Flt
    S? PskSvcRetail;Panda PSK service
    S? Realtek11nSU;Realtek11nSU
    S? ShldFlt;Panda File Shield Driver
    S? TomTomHOMEService;TomTomHOMEService
    S? UMVPFSrv;UMVPFSrv
    S? UNS;Intel(R) Management & Security Application User Notification Service
    S? Updater Service;Updater Service
    S? WNMFLT;Wifi Monitor Filter Plugin
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .
    =============== Created Last 30 ================
    .
    2014-05-12 15:32:01 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-05-12 15:30:49 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F27EB7-BE4E-4473-912D-21ABE1A13484}\mpengine.dll
    2014-05-12 15:29:21 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-12 15:29:20 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-12 15:27:57 465408 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-12 15:27:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-11 11:28:10 -------- d-----w- C:\Users\hodi\AppData\Local\{B44C8F52-0AF6-4177-998A-B513F4F7FE13}
    2014-05-11 08:21:55 6103040 ----a-w- C:\Program Files (x86)\GUTE5CD.tmp
    2014-05-11 08:21:35 -------- d-----w- C:\Program Files (x86)\GUM959A.tmp
    2014-05-07 05:39:53 -------- d-----w- C:\Users\hodi\AppData\Local\{964CCEAD-227E-41E5-878A-6C4DACCCFEB5}
    2014-05-06 09:33:17 -------- d-----w- C:\Users\hodi\AppData\Local\{5D20FD13-0FB6-4FFB-A592-D0A6CF26A3BF}
    2014-05-04 10:21:30 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
    2014-05-04 10:21:30 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
    2014-05-04 10:21:30 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
    2014-05-04 09:37:35 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2014-05-04 08:19:25 -------- d-----w- C:\Users\hodi\AppData\Local\{DBF6D357-562A-4471-AB51-7B6DE921BFBE}
    2014-04-27 09:41:34 -------- d-----w- C:\Users\hodi\AppData\Local\{DE7E27BB-8AC4-4939-9B1F-81C4202AFE88}
    2014-04-25 13:41:11 -------- d-----w- C:\Users\hodi\AppData\Local\{1F98663C-E1A3-4842-A382-426B146A1743}
    2014-04-20 05:04:45 -------- d-----w- C:\Users\hodi\AppData\Local\{B4AB1B68-3516-4868-B406-15AE0C914FA7}
    2014-04-17 21:31:59 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-16 20:42:42 -------- d-----w- C:\Users\hodi\AppData\Local\{C5DA57F6-CA01-4DC1-AECE-03649E28247E}
    2014-04-16 05:28:23 -------- d-----w- C:\Users\hodi\AppData\Local\{3FDDFD04-908A-4E9A-8C30-B5E70051150A}
    .
    ==================== Find3M ====================
    .
    2014-05-04 09:14:36 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-04 09:14:36 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-13 06:33:30 2238976 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-13 06:32:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-13 06:31:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-13 06:31:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-03-13 05:10:47 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-13 05:09:43 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-13 05:09:39 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-13 05:09:39 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-03-13 03:59:47 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-03-13 03:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    .
    ============= FINISH: 1:08:00,28 ===============

  • #2
    GMER part 1

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-13 01:28:56
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
    Running: kfujy5k7.exe; Driver: C:\Users\hodi\AppData\Local\Temp\kgldipod.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b2000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033b202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
    .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!MapViewOfFile 00000000773bd850 5 bytes JMP 00000000776804a8
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!CreateFileMappingA 00000000773bdf90 5 bytes JMP 0000000077680370
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!CreateFileMappingW 00000000773beeb0 5 bytes JMP 0000000077680718
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000773c1890 5 bytes JMP 00000000776805e0
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!MapViewOfFileEx 00000000773d1b80 5 bytes JMP 0000000077680238
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!TerminateProcess + 1 00000000773fc051 4 bytes {JMP 0x2840b0}
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007743f490 5 bytes JMP 0000000077680988
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\ole32.dll!CLSIDFromProgID 000007fefe0d9980 5 bytes JMP 000007feff6004a8
    .text C:\Windows\system32\taskeng.exe[2044] C:\Windows\system32\ole32.dll!CLSIDFromProgIDEx 000007fefe0da4c4 5 bytes JMP 000007feff600370
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1624] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1820] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000100460594
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000100460c6c
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000100460a24
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000100460228
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000100460104
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100460470
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 00000001004607dc
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 000000010046034c
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000100460900
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 00000001004606b8
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1512] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000100460b48
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762a1465 2 bytes [2A, 76]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762a14bb 2 bytes [2A, 76]
    .text ...

    • #3
      GMER part 2

      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000100be0594
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000100be0c6c
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000100be0a24
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000100be0228
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000100be0104
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100be0470
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 0000000100be07dc
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 0000000100be034c
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000100be0900
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 0000000100be06b8
      .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1580] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000100be0b48
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
      .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
      .text C:\Windows\system32\svchost.exe[3748] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!MapViewOfFile 00000000773bd850 5 bytes JMP 00000000776804a8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CreateFileMappingA 00000000773bdf90 5 bytes JMP 0000000077680370
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CreateFileMappingW 00000000773beeb0 5 bytes JMP 0000000077680718
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000773c1890 5 bytes JMP 00000000776805e0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!MapViewOfFileEx 00000000773d1b80 5 bytes JMP 0000000077680238
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!TerminateProcess + 1 00000000773fc051 4 bytes {JMP 0x2840b0}
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007743f490 5 bytes JMP 0000000077680988
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ole32.dll!CLSIDFromProgID 000007fefe0d9980 5 bytes JMP 000007feff6004a8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ole32.dll!CLSIDFromProgIDEx 000007fefe0da4c4 5 bytes JMP 000007feff600370
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!StartServiceW 000007feff519400 5 bytes JMP 000007feff5f0fa0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007feff51e810 5 bytes JMP 000007feff5f0d30
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!OpenServiceA 000007feff52a30c 5 bytes JMP 000007feff5f0bf8
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007feff52adc4 5 bytes JMP 000007feff5f05e0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff5355c8 5 bytes JMP 000007feff5f0988
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!DeleteService 000007feff535654 5 bytes JMP 000007feff5f0ac0
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ControlService 000007feff535668 5 bytes JMP 000007feff5f0718
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!StartServiceA + 1 000007feff54b321 4 bytes {JMP 0xa5b48}
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff54b85c 5 bytes JMP 000007feff5f0850
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff54b9d0 5 bytes JMP 000007feff5f0238
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff54ba3c 5 bytes JMP 000007feff5f0100
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfig2W + 1 000007feff54baa9 4 bytes {JMP 0xa4a00}
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfig2A + 1 000007feff54bab5 4 bytes {JMP 0xa48bc}
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!LsaRemoveAccountRights 000007feff559510 5 bytes JMP 000007feff600238
      .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\ADVAPI32.dll!LsaAddAccountRights 000007feff559580 5 bytes JMP 000007feff600100
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!MapViewOfFile 00000000773bd850 5 bytes JMP 00000000776804a8
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!CreateFileMappingA 00000000773bdf90 5 bytes JMP 0000000077680370
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!CreateFileMappingW 00000000773beeb0 5 bytes JMP 0000000077680718
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000773c1890 5 bytes JMP 00000000776805e0
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!MapViewOfFileEx 00000000773d1b80 5 bytes JMP 0000000077680238
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!TerminateProcess + 1 00000000773fc051 4 bytes {JMP 0x2840b0}
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
      .text C:\Windows\system32\Dwm.exe[3700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007743f490 5 bytes JMP 0000000077680988
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!MapViewOfFile 00000000773bd850 5 bytes JMP 00000000776804a8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!CreateFileMappingA 00000000773bdf90 5 bytes JMP 0000000077680370
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!CreateFileMappingW 00000000773beeb0 5 bytes JMP 0000000077680718
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000773c1890 5 bytes JMP 00000000776805e0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!MapViewOfFileEx 00000000773d1b80 5 bytes JMP 0000000077680238
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!TerminateProcess + 1 00000000773fc051 4 bytes {JMP 0x2840b0}
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007743f490 5 bytes JMP 0000000077680988
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\ole32.dll!CLSIDFromProgID 000007fefe0d9980 5 bytes JMP 000007feff6004a8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\ole32.dll!CLSIDFromProgIDEx 000007fefe0da4c4 5 bytes JMP 000007feff600370
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007feff600fa0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0238
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007feff600d30
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007feff6005e0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007feff600988
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007feff600ac0
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007feff600718
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007feff600850
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0100
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007feff600bf8
      .text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!WSARecvFrom



      • #4
        GMER part 3

        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000102600594
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000102600c6c
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000102600a24
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000102600228
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000102600104
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000102600470
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 00000001026007dc
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 000000010260034c
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000102600900
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 00000001026006b8
        .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[4112] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000102600b48
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 00000000776a0bf8
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 00000000776a0e68
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 00000000776a0238
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776a04a8
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 00000000776a0d30
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 00000000776a0100
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 00000000776a0ac0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776a0fa0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 00000000776a0850
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776a05e0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 00000000776a0988
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776b0238
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 00000000776a0370
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x17de90}
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776b0100
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 00000000776a0718
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!MapViewOfFile 00000000773bd850 5 bytes JMP 00000000776804a8
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!CreateFileMappingA 00000000773bdf90 5 bytes JMP 0000000077680370
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!CreateFileMappingW 00000000773beeb0 5 bytes JMP 0000000077680718
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000773c1890 5 bytes JMP 00000000776805e0
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!MapViewOfFileEx 00000000773d1b80 5 bytes JMP 0000000077680238
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!TerminateProcess + 1 00000000773fc051 4 bytes {JMP 0x2840b0}
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007743f490 5 bytes JMP 0000000077680988
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\ole32.dll!CLSIDFromProgID 000007fefe0d9980 5 bytes JMP 000007feff6004a8
        .text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\system32\ole32.dll!CLSIDFromProgIDEx 000007fefe0da4c4 5 bytes JMP 000007feff600370
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000102e00594
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000102e00c6c
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000102e00a24
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000102e00228
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000102e00104
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000102e00470
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 0000000102e007dc
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 0000000102e0034c
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000102e00900
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 0000000102e006b8
        .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000102e00b48
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
        .text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077521310 5 bytes JMP 0000000077690bf8
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077521330 5 bytes JMP 0000000077690e68
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000775213e0 5 bytes JMP 0000000077690238
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077521420 5 bytes JMP 00000000776904a8
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077521480 5 bytes JMP 0000000077680bf8
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077521520 5 bytes JMP 0000000077690d30
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000775215d0 5 bytes JMP 0000000077690100
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775215e0 5 bytes JMP 0000000077690ac0
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 0000000077690fa0
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680fa0
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077521800 5 bytes JMP 0000000077690850
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000775218b0 5 bytes JMP 00000000776905e0
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077521e00 5 bytes JMP 0000000077690988
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077521e10 5 bytes JMP 0000000077680d30
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077521e40 5 bytes JMP 0000000077680e68
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000775224e0 1 byte JMP 0000000077690370
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 00000000776a0100
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtUnloadKey 0000000077522b30 5 bytes JMP 0000000077690718
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\system32\ole32.dll!CLSIDFromProgID 000007fefe0d9980 5 bytes JMP 000007feff6004a8
        .text C:\Windows\system32\wbem\wmiprvse.exe[4792] C:\Windows\system32\ole32.dll!CLSIDFromProgIDEx



        • #5
          GMER part 4

          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000100380594
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000100380c6c
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000100380a24
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000100380228
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000100380104
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100380470
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 00000001003807dc
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 000000010038034c
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000100380900
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 00000001003806b8
          .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000100380b48
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000100540594
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000100540c6c
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000100540a24
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000100540228
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000100540104
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100540470
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 00000001005407dc
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 000000010054034c
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000100540900
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 00000001005406b8
          .text C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe[4676] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000100540b48
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 0000000100a90594
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 0000000100a90c6c
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 0000000100a90a24
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 0000000100a90228
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 0000000100a90104
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100a90470
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 0000000100a907dc
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 0000000100a9034c
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 0000000100a90900
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 0000000100a906b8
          .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5980] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 0000000100a90b48
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!sendto 00000000760634b5 5 bytes JMP 00000001003f0594
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076063918 5 bytes JMP 00000001003f0c6c
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076064406 5 bytes JMP 00000001003f0a24
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!recv 0000000076066b0e 5 bytes JMP 00000001003f0228
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!connect 0000000076066bdd 5 bytes JMP 00000001003f0104
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 00000001003f0470
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076067089 5 bytes JMP 00000001003f07dc
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007606b6dc 5 bytes JMP 00000001003f034c
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007606cba6 5 bytes JMP 00000001003f0900
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007606cc3f 5 bytes JMP 00000001003f06b8
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007607b30c 5 bytes JMP 00000001003f0b48
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762a1465 2 bytes [2A, 76]
          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762a14bb 2 bytes [2A, 76]
          .text ... * 2
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdb618e0 5 bytes JMP 000007fefdbb0d30
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefdb62200 5 bytes JMP 000007fefdbb0850
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007fefdbb0100
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!send 000007fefdb68000 5 bytes JMP 000007fefdbb04a8
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!sendto 000007fefdb6d7f0 5 bytes JMP 000007fefdbb05e0
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!recv 000007fefdb6df40 5 bytes JMP 000007fefdbb0238
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefdb6eb90 5 bytes JMP 000007fefdbb0370
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefdb6ed50 5 bytes JMP 000007fefdbb0bf8
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdb8e0f0 5 bytes JMP 000007fefdbb0718
          .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4052] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefdb8e6c0 5 bytes JMP 000007fefdbb0988

          ---- User IAT/EAT - GMER 2.1 ----

          IAT C:\Windows\Explorer.EXE[3832] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
          IAT C:\Windows\Explorer.EXE[3832] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
          IAT C:\Windows\Explorer.EXE[3832] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll

          ---- Threads - GMER 2.1 ----

          Thread C:\Windows\System32\svchost.exe [948:5508] 000007fef8be44e0
          Thread C:\Windows\System32\svchost.exe [948:5932] 000007fef8e488f8
          Thread C:\Windows\system32\svchost.exe [1084:3536] 000007fef7cf5170
          Thread C:\Windows\system32\svchost.exe [1084:3164] 000007fef78883d8
          Thread C:\Windows\system32\svchost.exe [1084:3168] 000007fef78883d8
          Thread C:\Windows\system32\svchost.exe [1084:3172] 000007fef78883d8
          Thread C:\Windows\system32\svchost.exe [1084:3176] 000007fef78883d8
          Thread C:\Windows\system32\svchost.exe [1084:3672] 000007fef75f3f1c
          Thread C:\Windows\system32\svchost.exe [1084:4000] 000007fef75c1a38
          Thread C:\Windows\system32\svchost.exe [1084:4060] 000007fef73b5388
          Thread C:\Windows\system32\svchost.exe [1084:3084] 000007fef7397738
          Thread C:\Windows\system32\svchost.exe [1084:3408] 000007fef7381f90
          Thread C:\Windows\SysWOW64\ntdll.dll [1128:1132] 0000000000404b9c
          Thread C:\Windows\SysWOW64\ntdll.dll [1128:1332] 0000000000401c80
          Thread C:\Windows\SysWOW64\ntdll.dll [1128:1336] 0000000000402070
          Thread C:\Windows\system32\svchost.exe [1724:1600] 000007fef94935c0
          Thread C:\Windows\system32\svchost.exe [1724:1592] 000007fef9495600
          Thread C:\Windows\system32\svchost.exe [1724:3836] 000007fef7492940
          Thread C:\Windows\system32\svchost.exe [1724:2276] 000007fef94c2888
          Thread C:\Windows\system32\svchost.exe [1724:5400] 000007fef94c2a40
          Thread C:\Windows\SysWOW64\svchost.exe [972:5888] 0000000074b417a4
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2776] 000000002a01bff0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2320] 000000002a016410
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:3064] 000000002a00e0a0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:3068] 000000002a0038e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:3060] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:3056] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:1892] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2064] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2060] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2072] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2068] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2056] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2096] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2088] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2104] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2116] 000000002a00c7e0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2176] 000000002a00d0a0
          Thread C:\Windows\SysWOW64\ntdll.dll [2784:2280] 000000002a014aa0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2352] 000000002b01ac01
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2876] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2892] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2896] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2908] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2916] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2912] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2900] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2924] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2928] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2932] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2936] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2940] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2948] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2904] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2944] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2952] 000000002b00c9c0
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2920] 000000002b00d480
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2140] 000000002b002d70
          Thread C:\Windows\SysWOW64\ntdll.dll [2348:2264] 000000002b00b170
          Thread [2820:2568] 0000000076b27587
          Thread [2820:2860] 0000000077702e65
          Thread [2820:2492] 000000004b68ab40
          Thread [2820:2148] 00000000222f18b0
          Thread [2820:3044] 00000000222f18b0
          Thread [2820:2200] 00000000222f18b0
          Thread [2820:2152] 00000000222f3790
          Thread [2820:2256] 0000000010002d00
          Thread [2820:2228] 0000000010002100
          Thread [2820:2244] 00000000100025b0
          Thread [2820:2268] 00000000223f3010
          Thread [2820:2552] 0000000022373170
          Thread [2820:3132] 0000000000bc3450
          Thread [2820:5144] 000000004b640080
          Thread [2820:5524] 000000004b64bcc0
          Thread [2820:5224] 000000004b64c050
          Thread [2820:5536] 000000004b647340
          Thread [2820:5548] 000000004b643b40
          Thread [2820:2260] 0000000077703e85
          Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4052:5376] 000007fefb6f2a7c
          ---- Processes - GMER 2.1 ----

          Library c:\users\hodi\appdata\local\temp\7zs0582\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3284] (HP Network Devices Support/Hewlett-Packard Co.)(2012-03-19 15:49:48) 0000000180000000
          Process C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe (*** suspicious ***) @ C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe [4248](2013-01-13 19:03:47) 0000000010000000

          ---- EOF - GMER 2.1 ----
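          The four GMER posts above show the same pattern over and over: in almost every process the same ntdll.dll, kernel32.dll, ole32.dll and WS2_32.dll exports carry 5-byte JMP patches, and the JMP targets fall into a handful of fixed 64 KiB blocks (0x77680000/0x77690000/0x776a0000 for 64-bit processes, 0x1xxx0000 for the WOW64 ones). The IAT/EAT section names C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll behind Explorer's import hooks, and the Processes section flags two items as suspicious. Reading hundreds of such lines by eye is error-prone, so the script below, an added example written for this thread and not part of GMER or of the original posts, parses the ".text" hook lines and the "(*** suspicious ***)" lines, groups the hooks per process, and reports which trampoline blocks are hit from more than one process (the usual sign of one hook engine loaded into all of them rather than several unrelated patches). The sample lines are a constructed subset copied from the log above; the grouping by 64 KiB allocation is this example's own heuristic, not something GMER reports.

```python
"""Summarise GMER 2.x user-mode hook output: the '.text ... JMP ...' lines
and the '(*** suspicious ***)' lines shown in the posts above.

Added example for this thread, not part of GMER or of the original posts.
The sample lines are copied from the posted log; grouping trampolines by
64 KiB allocation block is this example's own heuristic."""
import re
from collections import defaultdict

# One inline hook: '.text <process>[<pid>] <module>!<export>[ + off] <addr> <n> byte(s) <patch>'
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!]+)!(?P<func>.+?) "
    r"(?P<addr>[0-9a-fA-F]{16}) (?P<size>\d+) bytes? (?P<patch>.+)$"
)
# Absolute trampoline as GMER prints it. Relative '{JMP 0x..}' and raw byte
# patches such as '[2A, 76]' are kept verbatim in 'patch' with target=None.
JMP_RE = re.compile(r"^JMP (?P<target>[0-9a-fA-F]{16})$")
# 'Library <path> (*** suspicious ***) @ <host> [<pid>] ...' and 'Process ...'
SUSP_RE = re.compile(
    r"^(?P<kind>Library|Process) (?P<path>.+?) \(\*\*\* suspicious \*\*\*\) "
    r"@ (?P<host>.+?) \[(?P<pid>\d+)\]"
)
ALLOC_GRANULARITY = 0x10000  # Windows VirtualAlloc granularity (64 KiB)


def parse_hook(line):
    """Return a dict for a '.text' hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    h["addr"] = int(h["addr"], 16)
    h["size"] = int(h["size"])
    h["module"] = h["module"].rsplit("\\", 1)[-1].lower()  # basename only
    j = JMP_RE.match(h["patch"])
    h["target"] = int(j.group("target"), 16) if j else None
    return h


def summarize(lines):
    """Group hooks by process and by the 64 KiB block their trampolines land in."""
    hooks = [h for h in map(parse_hook, lines) if h]
    per_process = defaultdict(list)  # (exe path, pid) -> ['ntdll.dll!NtClose', ...]
    allocations = defaultdict(set)   # trampoline block base -> {pids hooked into it}
    for h in hooks:
        per_process[(h["proc"], h["pid"])].append(f"{h['module']}!{h['func']}")
        if h["target"] is not None:
            allocations[h["target"] & ~(ALLOC_GRANULARITY - 1)].add(h["pid"])
    suspicious = []
    for line in lines:
        m = SUSP_RE.match(line.strip())
        if m:
            suspicious.append(m.groupdict())
    return {
        "hooks": hooks,
        "per_process": dict(per_process),
        "allocations": dict(allocations),
        "suspicious": suspicious,
    }


def shared_allocations(summary):
    """Trampoline blocks used from more than one process: one hook engine
    mapped at the same address in every process it has injected into."""
    return sorted(base for base, pids in summary["allocations"].items() if len(pids) > 1)


# Constructed sample: a subset of the GMER lines posted in this thread.
SAMPLE = r"""
.text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776a0238
.text C:\Windows\Explorer.EXE[3832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey + 2 00000000775224e2 3 bytes {JMP 0x16de90}
.text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\kernel32.dll!CreateRemoteThread 00000000773fc8a0 5 bytes JMP 0000000077680850
.text C:\Windows\Explorer.EXE[3832] C:\Windows\system32\WS2_32.dll!connect 000007fefdb645c0 5 bytes JMP 000007feff6005e0
.text C:\Windows\system32\SearchIndexer.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775213a0 5 bytes JMP 0000000077680ac0
.text C:\Windows\system32\wbem\unsecapp.exe[4068] C:\Windows\system32\WS2_32.dll!WSASend 000007fefdb613b0 5 bytes JMP 000007fefdbb0ac0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4392] C:\Windows\syswow64\WS2_32.dll!send 0000000076066f01 5 bytes JMP 0000000100380470
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762a1465 2 bytes [2A, 76]
Library c:\users\hodi\appdata\local\temp\7zs0582\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3284] (HP Network Devices Support/Hewlett-Packard Co.)(2012-03-19 15:49:48) 0000000180000000
Process C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe (*** suspicious ***) @ C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe [4248](2013-01-13 19:03:47) 0000000010000000
""".strip().splitlines()

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for (exe, pid), funcs in s["per_process"].items():
        print(f"{exe}[{pid}]: {len(funcs)} hooks -> {', '.join(funcs)}")
    for base in shared_allocations(s):
        print(f"trampoline block {base:#x} shared by pids {sorted(s['allocations'][base])}")
    for e in s["suspicious"]:
        print(f"{e['kind']} {e['path']} in {e['host']}[{e['pid']}]")
```

          Run it on the full log by feeding the pasted lines to `summarize()` instead of `SAMPLE`. A small number of shared blocks with the same export list in every process points to one hooking component (the IAT lines already name one candidate); a hook whose target lies in a block no other process uses, or a patch that is not a plain JMP, is the line to look at first. The two "suspicious" entries are GMER's own flags for a DLL loaded from a temp directory and an executable under ProgramData; the script only surfaces them, it does not judge them.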



          • #6
            Hi Gerdil and welcome to Nucia Security Forum,


            Before we begin, I would like to kindly point out the following guidelines:

            • Only log in as an administrator with full rights.
            • Do not post your problem on several forums; it does not help your problem and it is not fair to the helpers.
            • Cleaning up your system can take some time; be patient.
            • Follow the instructions I give carefully.
            • Only follow the advice I give.
            • Stay with this topic until I have reported that your PC is clean.
            • If you do not know or understand something, please just ask.
            • Do not install or uninstall any software or hardware while we are working on your problem.
            • Do not try something "else" in the meantime; that only makes it harder for us.
            • Please turn off your emoticons (smileys) when you post logs. ( INFO )
            • Please do not post the logs as an attachment, nor between code tags.

            Note: always run all tools as admin.
            The instructions given here are only valid for your PC.


            Download StartUpLite to the desktop.
            Open the StartUpLite program and then click "Continue".
            Now restart the computer.


            Download or update CCleaner

            Start CCleaner.
            • Run CCleaner and click Options in the left column
            • Select the Advanced tab
            • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
            • Select the Settings tab
            • Uncheck "Clean computer automatically...."
            • Click Cleaner in the left column.
            • Then click Analyze and Clean, in that order.
            • Next click Registry in the left column
            • Click Scan for Issues.
            • When asked whether you want to back up the registry, click "Yes".
            • If errors are found, click the middle button: Fix All Selected Issues, and then OK



            Check for bad toolbars...

            Download AdwCleaner by Xplode to your desktop.
            • Close all open windows
            • Start AdwCleaner
            • Click Scan
            • Click Clean

            All icons disappear from the desktop; this is normal.
            Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt); post its contents here on the forum.

            I only need the log from after the "clean/remove" option.

            Don't forget to disable your "smileys".

            If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.


            Download Security Check to your desktop from here or here

            Start Security Check
            Follow the instructions on the screen
            At the end a log appears ( checkup.txt )
            Post its contents in your next reply.


            Also post a fresh DDS log.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * CCleaner * E-Peek



            • #7
              Thanks for your reply. I quickly ran into a problem:

              Download StartUpLite to the desktop.
              Open the StartUpLite program and then click "Continue".
              Now restart the computer.


              After I clicked Run, a window appeared regarding "Quick Time Task". It shows three options: "disable", "remove", "no action". The first, "disable", is checked. I changed nothing and clicked "continue". However, I immediately got an error message "Error on value: Quick Time Task. There was an error creating a MSConfig key". When I then clicked "ok", a window appeared with the message "All actions executed succesfully! Changes will take place after the system is restarted". I clicked "ok" again. Now I got this screen:
              [screenshot: melding.png]
              Question: Should I ignore this and restart the laptop? Or should I first click "This program installed correctly"?

              Thanks in advance for your reply.



              • #8
                "Dit programma is goed geinstalleerd"



                • #9
                  Here is the log file:

                  # AdwCleaner v3.208 - Rapport aangemaakt 14/05/2014 op 23:12:35
                  # Laatste Update 11/05/2014 door Xplode
                  # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
                  # Gebruikersnaam : hodi - HODI-PC
                  # Gestart vanuit : C:\Users\hodi\Desktop\adwcleaner_3.208.exe
                  # Optie : Verwijderen

                  ***** [ Services ] *****


                  ***** [ Bestanden / Mappen ] *****

                  Map Verwijderd : C:\ProgramData\Babylon
                  Map Verwijderd : C:\ProgramData\continuetosave
                  Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
                  Map Verwijderd : C:\Program Files (x86)\continuetosave
                  Map Verwijderd : C:\Users\hodi\AppData\LocalLow\continuetosave
                  Map Verwijderd : C:\Users\hodi\AppData\Roaming\Babylon

                  ***** [ Snelkoppelingen ] *****


                  ***** [ Register ] *****

                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE16BFF5-C6F8-4717-2341-1A92FE7A8674}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE16BFF5-C6F8-4717-2341-1A92FE7A8674}
                  Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE16BFF5-C6F8-4717-2341-1A92FE7A8674}
                  Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE16BFF5-C6F8-4717-2341-1A92FE7A8674}
                  Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                  Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
                  Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
                  Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
                  Sleutel Verwijderd : HKCU\Software\APN PIP
                  Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
                  Sleutel Verwijderd : HKLM\Software\Babylon
                  Sleutel Verwijderd : HKLM\Software\PIP
                  Sleutel Verwijderd : HKLM\Software\SP Global
                  Sleutel Verwijderd : HKLM\Software\SProtector
                  Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\contin~1\sprote~1.dll
                  Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\softqu~1\sprote~1.dll

                  ***** [ Browsers ] *****

                  -\\ Internet Explorer v10.0.9200.16866


                  -\\ Mozilla Firefox v16.0.2 (nl)

                  [ Bestand : C:\Users\hodi\AppData\Roaming\Mozilla\Firefox\Profiles\ivcv2jle.default-1399195222856\prefs.js ]

                  Regel verwijderd : user_pref("aol_toolbar.default.homepage.check", false);
                  Regel verwijderd : user_pref("aol_toolbar.default.search.check", false);
                  Regel verwijderd : user_pref("extensions.BabylonToolbar.prtkDS", 0);
                  Regel verwijderd : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
                  Regel verwijderd : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
                  Regel verwijderd : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
                  Regel verwijderd : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
                  Regel verwijderd : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
                  Regel verwijderd : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
                  Regel verwijderd : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
                  Regel verwijderd : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
                  Regel verwijderd : user_pref("sweetim.toolbar.searchguard.enable", "");

                  -\\ Google Chrome v34.0.1847.131

                  [ Bestand : C:\Users\hodi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

                  Verwijderd [Search Provider] : hxxp://websearch.soft-quick.info/?l=1&q={searchTerms}

                  *************************

                  AdwCleaner[R0].txt - [5220 octets] - [14/05/2014 23:09:54]
                  AdwCleaner[S0].txt - [4756 octets] - [14/05/2014 23:12:35]

                  ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4816 octets] ##########

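The two AppInit_DLLs entries the AdwCleaner log above removed are the loader setting that injects a DLL into every process that loads user32.dll, which is one plausible cause of the "applications stop responding" symptom in this thread. As an added check that is not part of the thread or of any of the tools used in it, this PowerShell re-reads both the 64-bit and the Wow6432Node (32-bit) keys after the reboot so you can confirm the values stayed empty; it assumes only the standard Windows 7 x64 registry layout and the function name Get-AppInitDlls is my own.

```powershell
# Added example (not from the thread): list the AppInit_DLLs loader settings
# on both registry views and report whether each listed DLL still exists on disk.
# Assumes a standard Windows 7 x64 registry layout; run from an elevated PowerShell.

function Get-AppInitDlls {
    $keys = @(
        # Consulted by every 64-bit process that loads user32.dll
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        # Consulted by every 32-bit (WOW64) process; a DLL under Program Files (x86),
        # such as the c:\progra~2\...\sprote~1.dll entries in the log, is registered here
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )

    foreach ($k in $keys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }

        # The value is a space- or comma-separated list, often in 8.3 short form
        $dlls = @()
        if ($p.AppInit_DLLs) {
            $dlls = @($p.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })
        }

        # Note for each DLL whether it is still present; a listed but missing DLL
        # is harmless, a listed and present one deserves a closer look
        $resolved = foreach ($d in $dlls) {
            '{0} (exists: {1})' -f $d, (Test-Path -LiteralPath $d)
        }

        [pscustomobject]@{
            Key              = $k
            LoadAppInit_DLLs = $p.LoadAppInit_DLLs          # 1 = loader enabled, 0 = disabled
            RequireSigned    = $p.RequireSignedAppInit_DLLs # 1 = only signed DLLs are loaded
            AppInit_DLLs     = $p.AppInit_DLLs              # expected to be empty after cleaning
            Resolved         = $resolved
        }
    }
}

Get-AppInitDlls | Format-List
```

An empty AppInit_DLLs on both keys matches the `AppInit_DLLs=` line in the DDS log posted later in this thread; any non-empty value after the cleanup means something re-registered itself.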


                  • #10
                    Good.

                    Download or update CCleaner

                    Start CCleaner.
                    • Run CCleaner and click Options in the left column
                    • Select the Advanced tab
                    • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
                    • Select the Settings tab
                    • Uncheck "Clean computer automatically...."
                    • Click Cleaner in the left column.
                    • Then click Analyze and Clean, in that order.
                    • Next click Registry in the left column
                    • Click Scan for Issues.
                    • When asked whether you want to back up the registry, click "Yes".
                    • If errors are found, click the middle button: Fix All Selected Issues, and then OK

                    May I have a fresh DDS log, please?



                    • #11
                      Here is the DDS log file:

                      DDS (Ver_2012-11-20.01) - NTFS_AMD64
                      Internet Explorer: 10.0.9200.16866 BrowserJavaVersion: 10.55.2
                      Run by hodi at 0:02:17 on 2014-05-15
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2996.1880 [GMT 2:00]
                      .
                      AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
                      SP: Panda Antivirus Pro 2013 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
                      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      FW: Panda Personal Firewall 2013 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
                      .
                      ============== Running Processes ===============
                      .
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\svchost.exe -k DcomLaunch
                      C:\Windows\system32\svchost.exe -k RPCSS
                      C:\Windows\system32\atiesrxx.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      C:\Windows\system32\svchost.exe -k LocalService
                      C:\Windows\system32\svchost.exe -k netsvcs
                      C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                      C:\Windows\system32\svchost.exe -k GPSvcGroup
                      C:\Windows\system32\atieclxx.exe
                      C:\Windows\system32\svchost.exe -k NetworkService
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
                      C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                      C:\Windows\System32\spoolsv.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Program Files (x86)\Launch Manager\dsiwmis.exe
                      C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                      C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
                      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
                      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                      C:\Windows\System32\svchost.exe -k HPZ12
                      C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
                      C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
                      C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
                      C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
                      C:\Windows\System32\svchost.exe -k HPZ12
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Firewall\PSHOST.EXE
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
                      C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
                      C:\Windows\system32\svchost.exe -k imgsvc
                      C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
                      C:\Program Files\Acer\Acer Updater\UpdaterService.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      C:\Windows\system32\svchost.exe -k HPService
                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                      C:\Windows\system32\taskhost.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Windows\Explorer.EXE
                      C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
                      C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe
                      C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                      C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                      C:\Windows\PLFSetI.exe
                      C:\Windows\system32\SearchIndexer.exe
                      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                      C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
                      C:\Windows\system32\wbem\unsecapp.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                      C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
                      C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
                      C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
                      C:\Program Files (x86)\Launch Manager\LManager.exe
                      C:\Program Files (x86)\iTunes\iTunesHelper.exe
                      C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
                      C:\Program Files (x86)\Launch Manager\LMworker.exe
                      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                      C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
                      C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe
                      C:\Users\hodi\AppData\Local\Citrix\ICA Client\wfcrun32.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                      C:\Windows\System32\svchost.exe -k secsvcs
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\Windows\system32\wuauclt.exe
                      C:\Windows\system32\SearchProtocolHost.exe
                      C:\Windows\system32\SearchFilterHost.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PlaTasks64.exe
                      C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVJOBS.EXE
                      C:\Windows\System32\cscript.exe
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      uStart Page = hxxps://www.google.nl/
                      uDefault_Page_URL = hxxp://acer.msn.com
                      mWinlogon: Userinit = userinit.exe,
                      BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                      BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                      BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                      uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
                      mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
                      mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
                      mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
                      mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
                      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
                      mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
                      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
                      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
                      mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
                      mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
                      mRun: [ConnectionCenter] "C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
                      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                      mPolicies-Explorer: NoActiveDesktop = dword:1
                      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                      mPolicies-System: ConsentPromptBehaviorUser = dword:3
                      mPolicies-System: EnableUIADesktopToggle = dword:0
                      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
                      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                      DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                      TCP: NameServer = 195.130.131.3 195.130.130.131
                      TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337} : DHCPNameServer = 192.168.0.1
                      TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\055666471637475627960234F637D6F64756 : DHCPNameServer = 192.168.123.254
                      TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\350756564645F6573686144423648343 : DHCPNameServer = 192.168.1.254
                      TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D} : DHCPNameServer = 195.130.130.130 195.130.131.130
                      TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\1357E6461302D4F62696C6560275C414E4D225F657475627F5935323246313 : DHCPNameServer = 192.168.0.1 192.168.0.1
                      TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\4505F494A584E41477966696 : DHCPNameServer = 10.128.128.128
                      TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\46967716E6560227563656074796F6E6 : DHCPNameServer = 192.168.1.1
                      TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1} : DHCPNameServer = 195.130.131.3 195.130.130.131
                      TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\0556E63796F6E634C616A65737 : DHCPNameServer = 82.144.41.8 82.145.9.8
                      TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\14478656E63702449616D6F6E6460205C65737 : DHCPNameServer = 192.168.2.1
                      TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\1607642333 : DHCPNameServer = 10.0.0.138
                      Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                      AppInit_DLLs=
                      SSODL: WebCheck - <orphaned>
                      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                      x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                      x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                      x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
                      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                      x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
                      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                      x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                      x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                      x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                      x64-Notify: avldr - avldr64.dll
                      x64-SSODL: WebCheck - <orphaned>
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - C:\Users\hodi\AppData\Roaming\Mozilla\Firefox\Profiles\ivcv2jle.default-1399195222856\
                      FF - prefs.js: browser.search.defaulturl -
                      FF - prefs.js: browser.search.selectedEngine -
                      FF - prefs.js: browser.startup.homepage - www.google.nl
                      FF - prefs.js: keyword.URL -
                      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                      FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
                      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                      FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npctxcao.dll
                      FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npctxcao.dll
                      FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npicaN.dll
                      FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npicaN.dll
                      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-8-7 30792]
                      R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
                      R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
                      R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
                      R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
                      R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-8-7 71432]
                      R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-8-7 129096]
                      R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-8-7 82952]
                      R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-8-7 31752]
                      R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-8-7 78920]
                      R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-8-7 170504]
                      R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-10-17 116240]
                      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-17 56344]
                      R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
                      R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-8-7 216648]
                      S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
                      S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2011-9-23 1064448]
                      S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-12-23 191944]
                      S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;C:\Windows\System32\drivers\KovaPlusFltr.sys [2010-1-25 15104]
                      S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
                      S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
                      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-1 19456]
                      S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2010-11-25 687136]
                      .
                      =============== File Associations ===============
                      .
                      FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                      FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                      FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                      FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                      FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                      .
                      =============== Created Last 30 ================
                      .
                      2014-05-14 21:10:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                      2014-05-14 21:09:49 -------- d-----w- C:\AdwCleaner
                      2014-05-14 11:46:38 -------- d-----w- C:\Users\hodi\AppData\Local\{5155CA72-309C-42C7-A001-889644700F6C}
                      2014-05-12 23:33:59 -------- d-----w- C:\Users\hodi\AppData\Local\{A7236AD1-7616-4AEB-8422-5212521499D5}
                      2014-05-12 15:32:01 -------- d-s---w- C:\Windows\System32\CompatTel
                      2014-05-12 15:30:49 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F27EB7-BE4E-4473-912D-21ABE1A13484}\mpengine.dll
                      2014-05-12 15:29:21 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                      2014-05-12 15:29:20 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
                      2014-05-12 15:27:57 465408 ----a-w- C:\Windows\System32\aepdu.dll
                      2014-05-12 15:27:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
                      2014-05-11 11:28:10 -------- d-----w- C:\Users\hodi\AppData\Local\{B44C8F52-0AF6-4177-998A-B513F4F7FE13}
                      2014-05-11 08:21:55 6103040 ----a-w- C:\Program Files (x86)\GUTE5CD.tmp
                      2014-05-11 08:21:35 -------- d-----w- C:\Program Files (x86)\GUM959A.tmp
                      2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
                      2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
                      2014-05-07 05:39:53 -------- d-----w- C:\Users\hodi\AppData\Local\{964CCEAD-227E-41E5-878A-6C4DACCCFEB5}
                      2014-05-06 09:33:17 -------- d-----w- C:\Users\hodi\AppData\Local\{5D20FD13-0FB6-4FFB-A592-D0A6CF26A3BF}
                      2014-05-04 10:21:30 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
                      2014-05-04 10:21:30 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
                      2014-05-04 10:21:30 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
                      2014-05-04 09:37:35 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
                      2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
                      2014-05-04 08:19:25 -------- d-----w- C:\Users\hodi\AppData\Local\{DBF6D357-562A-4471-AB51-7B6DE921BFBE}
                      2014-04-27 09:41:34 -------- d-----w- C:\Users\hodi\AppData\Local\{DE7E27BB-8AC4-4939-9B1F-81C4202AFE88}
                      2014-04-25 13:41:11 -------- d-----w- C:\Users\hodi\AppData\Local\{1F98663C-E1A3-4842-A382-426B146A1743}
                      2014-04-20 05:04:45 -------- d-----w- C:\Users\hodi\AppData\Local\{B4AB1B68-3516-4868-B406-15AE0C914FA7}
                      2014-04-17 21:31:59 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                      2014-04-16 20:42:42 -------- d-----w- C:\Users\hodi\AppData\Local\{C5DA57F6-CA01-4DC1-AECE-03649E28247E}
                      2014-04-16 05:28:23 -------- d-----w- C:\Users\hodi\AppData\Local\{3FDDFD04-908A-4E9A-8C30-B5E70051150A}
                      .
                      ==================== Find3M ====================
                      .
                      2014-05-04 09:14:36 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                      2014-05-04 09:14:36 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                      2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
                      2014-03-13 06:33:30 2238976 ----a-w- C:\Windows\System32\wininet.dll
                      2014-03-13 06:32:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
                      2014-03-13 06:31:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
                      2014-03-13 06:31:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
                      2014-03-13 05:10:47 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
                      2014-03-13 05:09:43 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
                      2014-03-13 05:09:39 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
                      2014-03-13 05:09:39 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
                      2014-03-13 03:59:47 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
                      2014-03-13 03:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
                      2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                      2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                      2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                      2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                      2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
                      2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
                      2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                      2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                      2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                      2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                      .
                      ============= FINISH: 0:04:23,87 ===============



                      • #12
                        Download Combofix to your desktop.
                        (So not to a download folder or temp folder.)

                        Extra note... Make sure your security software is disabled while using Combofix.
                        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                        So do not open any other applications until Combofix has presented the log.

                        If Combofix asks for an update, allow it.

                        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                        You can find it as C:\combofix.txt.

                        Post the Combofix log together with a new DDS log in your next reply.

                        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                        • Illegal operation attempted on a registry key that has been marked for deletion.
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          After I had carried out these actions, the laptop froze completely. In the end I shut it down with the power button. After I started the laptop again, I got a black screen with the texts below:
                          [Two attached photos of the screen: DSC07100.JPG and DSC07101.JPG]
                          After half an hour Windows started up again.

                          Combofix log:

                          ComboFix 14-05-13.01 - hodi 15-05-2014 0:23.1.4 - x64
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2996.1756 [GMT 2:00]
                          Gestart vanuit: c:\users\hodi\Desktop\ComboFix.exe
                          AV: Panda Antivirus Pro 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
                          FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
                          SP: Panda Antivirus Pro 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
                          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          .
                          .
                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          c:\users\hodi\AppData\Local\Temp\7zS0582\HPSLPSVC64.DLL
                          c:\windows\wininit.ini
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          -------\Service_HPSLPSVC
                          .
                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2014-04-14 to 2014-05-14 ))))))))))))))))))))))))))))))
                          .
                          .
                          2014-05-14 22:59 . 2014-05-14 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
                          2014-05-14 21:10 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                          2014-05-14 21:09 . 2014-05-14 21:12 -------- d-----w- C:\AdwCleaner
                          2014-05-12 15:32 . 2014-05-12 15:32 -------- d-s---w- c:\windows\system32\CompatTel
                          2014-05-12 15:29 . 2014-04-29 14:14 19275264 ----a-w- c:\windows\system32\mshtml.dll
                          2014-05-12 15:29 . 2014-04-29 12:25 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
                          2014-05-12 15:29 . 2014-04-29 12:36 2706432 ----a-w- c:\windows\system32\mshtml.tlb
                          2014-05-12 15:27 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
                          2014-05-12 15:27 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
                          2014-05-11 08:21 . 2014-05-11 08:21 6103040 ----a-w- c:\program files (x86)\GUTE5CD.tmp
                          2014-05-11 08:21 . 2014-05-11 08:22 -------- d-----w- c:\program files (x86)\GUM959A.tmp
                          2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
                          2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
                          2014-05-04 10:21 . 2014-05-12 20:13 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll
                          2014-05-04 10:21 . 2014-05-12 20:13 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll
                          2014-05-04 10:21 . 2014-05-12 20:13 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll
                          2014-05-04 09:37 . 2014-05-04 09:37 313256 ----a-w- c:\windows\system32\javaws.exe
                          2014-05-04 09:37 . 2014-05-04 09:37 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
                          2014-05-04 09:37 . 2014-05-04 09:37 189352 ----a-w- c:\windows\system32\javaw.exe
                          2014-05-04 09:37 . 2014-05-04 09:37 189352 ----a-w- c:\windows\system32\java.exe
                          2014-05-04 09:37 . 2014-05-04 09:37 -------- d-----w- c:\program files\Java
                          2014-05-04 09:34 . 2014-05-04 09:34 -------- d-----w- c:\users\hodi\AppData\Roaming\Oracle
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
                          2014-05-04 09:32 . 2014-05-04 09:32 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
                          2014-05-04 09:31 . 2014-05-04 09:32 -------- d-----w- c:\program files (x86)\QuickTime
                          2014-04-17 21:31 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2014-05-04 09:14 . 2012-05-13 09:08 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                          2014-05-04 09:14 . 2011-08-22 14:52 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                          2014-04-16 05:41 . 2011-01-09 17:54 90655440 ----a-w- c:\windows\system32\MRT.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 226304 ----a-w- c:\windows\system32\elshyph.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 158720 ----a-w- c:\windows\SysWow64\msls31.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 138752 ----a-w- c:\windows\SysWow64\wextract.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 12800 ----a-w- c:\windows\SysWow64\mshta.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 97280 ----a-w- c:\windows\system32\mshtmled.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 81408 ----a-w- c:\windows\system32\icardie.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 762368 ----a-w- c:\windows\system32\ieapfltr.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
                          2014-04-01 16:45 . 2014-04-01 16:45 452096 ----a-w- c:\windows\system32\dxtmsft.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 441856 ----a-w- c:\windows\system32\html.iec
                          2014-04-01 16:45 . 2014-04-01 16:45 361984 ----a-w- c:\windows\SysWow64\html.iec
                          2014-04-01 16:45 . 2014-04-01 16:45 281600 ----a-w- c:\windows\system32\dxtrans.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 27648 ----a-w- c:\windows\system32\licmgr10.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 270848 ----a-w- c:\windows\system32\iedkcs32.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 247296 ----a-w- c:\windows\system32\webcheck.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 235008 ----a-w- c:\windows\system32\url.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 216064 ----a-w- c:\windows\system32\msls31.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
                          2014-04-01 16:45 . 2014-04-01 16:45 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                          2014-04-01 16:45 . 2014-04-01 16:45 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
                          2014-04-01 16:45 . 2014-04-01 16:45 102912 ----a-w- c:\windows\system32\inseng.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 77312 ----a-w- c:\windows\system32\tdc.ocx
                          2014-04-01 16:45 . 2014-04-01 16:45 62976 ----a-w- c:\windows\system32\pngfilt.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 51200 ----a-w- c:\windows\system32\imgutil.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 173568 ----a-w- c:\windows\system32\ieUnatt.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 167424 ----a-w- c:\windows\system32\iexpress.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 149504 ----a-w- c:\windows\system32\occache.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 144896 ----a-w- c:\windows\system32\wextract.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 13824 ----a-w- c:\windows\system32\mshta.exe
                          2014-04-01 16:45 . 2014-04-01 16:45 136192 ----a-w- c:\windows\system32\iepeers.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
                          2014-04-01 16:45 . 2014-04-01 16:45 12800 ----a-w- c:\windows\system32\msfeedssync.exe
                          2014-03-31 07:35 . 2011-01-08 02:50 270496 ------w- c:\windows\system32\MpSigStub.exe
                          2014-03-04 09:17 . 2014-04-16 05:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                          REGEDIT4
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                          "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
                          "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
                          "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
                          "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
                          "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
                          "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
                          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                          "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
                          "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
                          "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
                          "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-27 739936]
                          "APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" [2012-12-12 1038192]
                          "SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [2012-11-08 70432]
                          "ConnectionCenter"="c:\users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
                          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
                          .
                          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                          HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                          "ConsentPromptBehaviorAdmin"= 5 (0x5)
                          "ConsentPromptBehaviorUser"= 3 (0x3)
                          "EnableUIADesktopToggle"= 0 (0x0)
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                          "LoadAppInit_DLLs"=1 (0x1)
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
                          @="Service"
                          .
                          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                          R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
                          R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
                          R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys;c:\windows\SYSNATIVE\DRIVERS\hcwhdpvr.sys [x]
                          R3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys;c:\windows\SYSNATIVE\drivers\KovaPlusFltr.sys [x]
                          R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
                          R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
                          R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
                          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                          R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
                          R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
                          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                          R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                          S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys;c:\windows\SYSNATIVE\Drivers\pavboot64.sys [x]
                          S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                          S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
                          S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
                          S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
                          S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys;c:\windows\SYSNATIVE\DRIVERS\ShldFlt.sys [x]
                          S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
                          S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys;c:\windows\SYSNATIVE\DRIVERS\amm6460.sys [x]
                          S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS;c:\windows\SYSNATIVE\Drivers\APPFLT64.SYS [x]
                          S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS;c:\windows\SYSNATIVE\Drivers\DSAFLT64.SYS [x]
                          S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
                          S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
                          S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS;c:\windows\SYSNATIVE\Drivers\fnetm64.SYS [x]
                          S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
                          S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS;c:\windows\SYSNATIVE\Drivers\IDSFLT64.SYS [x]
                          S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS;c:\windows\SYSNATIVE\Drivers\NETTDI64.SYS [x]
                          S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
                          S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
                          S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
                          S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe [x]
                          S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x]
                          S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
                          S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
                          S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                          S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
                          S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS;c:\windows\SYSNATIVE\Drivers\WNMFLT64.SYS [x]
                          S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
                          S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
                          S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
                          S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys;c:\windows\SYSNATIVE\DRIVERS\n64i1644.sys [x]
                          S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys;c:\windows\SYSNATIVE\PavTPK.sys [x]
                          S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
                          .
                          .
                          --- Andere Services/Drivers In Geheugen ---
                          .
                          *NewlyCreated* - WS2IFSL
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
                          hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                          2014-05-04 08:18 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          .
                          2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
                          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 09:14]
                          .
                          2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13 11:12]
                          .
                          2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13 11:12]
                          .
                          2014-05-14 c:\windows\Tasks\{88EEA922-CC67-4D68-942A-88879DE0F80B}.job
                          - c:\programdata\CloudSoft\ContinueToSave\ContinueToSave.exe [2013-01-13 19:53]
                          .
                          .
                          --------- X64 Entries -----------
                          .
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                          @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                          [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                          2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
                          "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
                          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
                          "PLFSetI"="c:\windows\PLFSetI.exe" [2010-10-17 206208]
                          "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
                          "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
                          .
                          ------- Bijkomende Scan -------
                          .
                          uStart Page = https://www.google.nl/
                          uLocal Page = c:\windows\system32\blank.htm
                          mLocal Page = c:\windows\SysWOW64\blank.htm
                          uInternet Settings,ProxyOverride = *.local
                          IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
                          Trusted Zone: boels.nl\portal
                          TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
                          FF - ProfilePath - c:\users\hodi\AppData\Roaming\Mozilla\Firefox\Profiles\ivcv2jle.default-1399195222856\
                          FF - prefs.js: browser.search.defaulturl -
                          FF - prefs.js: browser.search.selectedEngine -
                          FF - prefs.js: browser.startup.homepage - www.google.nl
                          FF - prefs.js: keyword.URL -
                          .
                          .
                          ------- Bestandsassociaties -------
                          .
                          JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                          .
                          - - - - ORPHANS VERWIJDERD - - - -
                          .
                          Toolbar-Locked - (no file)
                          ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
                          Toolbar-Locked - (no file)
                          ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                          ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                          ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                          ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
                          .
                          .
                          .
                          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                          .
                          [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                          @Denied: (2) (LocalSystem)
                          "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                          d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,17,c9,76,54,3e,4f,45,8d,d4,ef,\
                          "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                          d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,17,c9,76,54,3e,4f,45,8d,d4,ef,\
                          .
                          [HKEY_USERS\S-1-5-21-2022107872-438747361-3590845781-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                          @Denied: (2) (LocalSystem)
                          "Progid"="WindowsLiveMail.Email.1"
                          .
                          [HKEY_USERS\S-1-5-21-2022107872-438747361-3590845781-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                          @Denied: (2) (LocalSystem)
                          "Progid"="WindowsLiveMail.VCard.1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe ,-101"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker5"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe ,-101"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Shockwave Flash Object"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                          @="0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="ShockwaveFlash.ShockwaveFlash.11"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="ShockwaveFlash.ShockwaveFlash"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Macromedia Flash Factory Object"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="FlashFactory.FlashFactory.1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="FlashFactory.FlashFactory"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker5"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\McAfee]
                          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                          00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                          .
                          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                          @Denied: (Full) (Everyone)
                          .
                          ------------------------ Andere Aktieve Processen ------------------------
                          .
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
                          c:\program files (x86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
                          c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                          c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                          c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
                          c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Firewall\PSHOST.EXE
                          c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
                          c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
                          .
                          **************************************************************************
                          .
                          Voltooingstijd: 2014-05-15 01:09:58 - machine werd herstart
                          ComboFix-quarantined-files.txt 2014-05-14 23:09
                          .
                          Pre-Run: 134.905.581.568 bytes beschikbaar
                          Post-Run: 134.538.313.728 bytes beschikbaar
                          .
                          - - End Of File - - 253022B95E0E309C9E57E56FB3C26099



                          • #14
                            DDS log:

                            DDS (Ver_2012-11-20.01) - NTFS_AMD64
                            Internet Explorer: 10.0.9200.16866 BrowserJavaVersion: 10.55.2
                            Run by hodi at 18:10:55 on 2014-05-15
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2996.1654 [GMT 2:00]
                            .
                            AV: Panda Antivirus Pro 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
                            SP: Panda Antivirus Pro 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
                            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
                            .
                            ============== Running Processes ===============
                            .
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe -k DcomLaunch
                            C:\Windows\system32\svchost.exe -k RPCSS
                            C:\Windows\system32\atiesrxx.exe
                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                            C:\Windows\system32\svchost.exe -k LocalService
                            C:\Windows\system32\svchost.exe -k netsvcs
                            C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                            C:\Windows\system32\svchost.exe -k GPSvcGroup
                            C:\Windows\system32\atieclxx.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                            C:\Windows\System32\spoolsv.exe
                            C:\Windows\system32\taskeng.exe
                            C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
                            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            C:\Program Files (x86)\Launch Manager\dsiwmis.exe
                            C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                            C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
                            C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                            C:\Windows\System32\svchost.exe -k HPZ12
                            C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
                            C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrls.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
                            C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
                            C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
                            C:\Windows\System32\svchost.exe -k HPZ12
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Firewall\PSHOST.EXE
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
                            C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
                            C:\Windows\system32\svchost.exe -k imgsvc
                            C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
                            C:\Program Files\Acer\Acer Updater\UpdaterService.exe
                            C:\Windows\System32\svchost.exe -k secsvcs
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                            C:\Windows\servicing\TrustedInstaller.exe
                            C:\Windows\system32\taskhost.exe
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\Explorer.EXE
                            C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                            C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
                            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                            C:\Windows\PLFSetI.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                            C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
                            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                            C:\Windows\system32\SearchIndexer.exe
                            C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
                            C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
                            C:\Program Files (x86)\Launch Manager\LManager.exe
                            C:\Program Files (x86)\iTunes\iTunesHelper.exe
                            C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
                            C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
                            C:\Program Files (x86)\Launch Manager\LMworker.exe
                            C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
                            C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
                            C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Windows\system32\wbem\unsecapp.exe
                            C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe
                            C:\Windows\system32\SearchProtocolHost.exe
                            C:\Users\hodi\AppData\Local\Citrix\ICA Client\wfcrun32.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Windows\system32\SearchFilterHost.exe
                            C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
                            C:\Program Files\iPod\bin\iPodService.exe
                            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                            C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
                            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\TPSRVAUX.EXE
                            C:\Windows\System32\cscript.exe
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            uStart Page = hxxps://www.google.nl/
                            BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                            BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                            BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                            EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                            EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                            uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
                            mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
                            mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
                            mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
                            mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
                            mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
                            mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
                            mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                            mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                            mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
                            mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                            mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
                            mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
                            mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
                            mRun: [ConnectionCenter] "C:\Users\hodi\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
                            mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                            uPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                            mPolicies-System: ConsentPromptBehaviorUser = dword:3
                            mPolicies-System: EnableUIADesktopToggle = dword:0
                            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
                            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
                            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                            IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                            DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
                            TCP: NameServer = 195.130.131.3 195.130.130.131
                            TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337} : DHCPNameServer = 192.168.0.1
                            TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\055666471637475627960234F637D6F64756 : DHCPNameServer = 192.168.123.254
                            TCP: Interfaces\{95B9C92F-6331-480F-9BE5-CC5209375337}\350756564645F6573686144423648343 : DHCPNameServer = 192.168.1.254
                            TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D} : DHCPNameServer = 195.130.130.130 195.130.131.130
                            TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\1357E6461302D4F62696C6560275C414E4D225F657475627F5935323246313 : DHCPNameServer = 192.168.0.1 192.168.0.1
                            TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\4505F494A584E41477966696 : DHCPNameServer = 10.128.128.128
                            TCP: Interfaces\{BA0BD8AB-4482-4799-9B8D-CCA645CF4F5D}\46967716E6560227563656074796F6E6 : DHCPNameServer = 192.168.1.1
                            TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1} : DHCPNameServer = 195.130.131.3 195.130.130.131
                            TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\0556E63796F6E634C616A65737 : DHCPNameServer = 82.144.41.8 82.145.9.8
                            TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\14478656E63702449616D6F6E6460205C65737 : DHCPNameServer = 192.168.2.1
                            TCP: Interfaces\{CA36B656-3520-4DD7-89D6-02CED80838C1}\1607642333 : DHCPNameServer = 10.0.0.138
                            Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\hodi\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
                            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                            SSODL: WebCheck - <orphaned>
                            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                            x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                            x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                            x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
                            x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                            x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
                            x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                            x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                            x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                            x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                            x64-Notify: avldr - avldr64.dll
                            x64-SSODL: WebCheck - <orphaned>
                            .
                            ================= FIREFOX ===================
                            .
                            FF - ProfilePath - C:\Users\hodi\AppData\Roaming\Mozilla\Firefox\Profiles\ivcv2jle.default-1399195222856\
                            FF - prefs.js: browser.search.defaulturl -
                            FF - prefs.js: browser.search.selectedEngine -
                            FF - prefs.js: browser.startup.homepage - www.google.nl
                            FF - prefs.js: keyword.URL -
                            FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                            FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
                            FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                            FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                            FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npctxcao.dll
                            FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npctxcao.dll
                            FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\plugins\npicaN.dll
                            FF - plugin: C:\Users\hodi\AppData\Roaming\Mozilla\Plugins\npicaN.dll
                            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-8-7 30792]
                            R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
                            R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
                            R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
                            R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
                            R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2013-8-7 48136]
                            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-17 203264]
                            R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-8-7 71432]
                            R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-8-7 129096]
                            R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-8-7 82952]
                            R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-10-17 321104]
                            R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-17 868896]
                            R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-8-7 31752]
                            R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
                            R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-8-7 78920]
                            R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-8-7 170504]
                            R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
                            R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-17 144640]
                            R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe [2013-8-7 177440]
                            R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe [2013-8-7 202016]
                            R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2013-8-7 62768]
                            R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe [2013-8-7 313664]
                            R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840]
                            R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe [2013-8-7 28992]
                            R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2011-10-1 45056]
                            R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-7-2 93072]
                            R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
                            R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-16 243232]
                            R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2013-8-7 74760]
                            R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-10-17 116240]
                            R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-17 56344]
                            R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
                            R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-8-7 216648]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                            S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                            S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-17 2320920]
                            S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
                            S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2011-9-23 1064448]
                            S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-12-23 191944]
                            S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;C:\Windows\System32\drivers\KovaPlusFltr.sys [2010-1-25 15104]
                            S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
                            S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
                            S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-17 50432]
                            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-1 19456]
                            S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2010-11-25 687136]
                            S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-1 56832]
                            S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
                            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
                            .
                            =============== File Associations ===============
                            .
                            FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                            FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                            FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                            FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                            FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
                            .
                            =============== Created Last 30 ================
                            .
                            2014-05-14 23:02:37 -------- d-----w- C:\$RECYCLE.BIN
                            2014-05-14 22:48:26 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F27EB7-BE4E-4473-912D-21ABE1A13484}\offreg.dll
                            2014-05-14 22:18:46 98816 ----a-w- C:\Windows\sed.exe
                            2014-05-14 22:18:46 256000 ----a-w- C:\Windows\PEV.exe
                            2014-05-14 22:18:46 208896 ----a-w- C:\Windows\MBR.exe
                            2014-05-14 21:10:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                            2014-05-14 21:09:49 -------- d-----w- C:\AdwCleaner
                            2014-05-14 11:46:38 -------- d-----w- C:\Users\hodi\AppData\Local\{5155CA72-309C-42C7-A001-889644700F6C}
                            2014-05-12 23:33:59 -------- d-----w- C:\Users\hodi\AppData\Local\{A7236AD1-7616-4AEB-8422-5212521499D5}
                            2014-05-12 15:32:01 -------- d-s---w- C:\Windows\System32\CompatTel
                            2014-05-12 15:30:49 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F27EB7-BE4E-4473-912D-21ABE1A13484}\mpengine.dll
                            2014-05-12 15:29:21 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                            2014-05-12 15:29:20 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
                            2014-05-12 15:27:57 465408 ----a-w- C:\Windows\System32\aepdu.dll
                            2014-05-12 15:27:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
                            2014-05-11 11:28:10 -------- d-----w- C:\Users\hodi\AppData\Local\{B44C8F52-0AF6-4177-998A-B513F4F7FE13}
                            2014-05-11 08:21:55 6103040 ----a-w- C:\Program Files (x86)\GUTE5CD.tmp
                            2014-05-11 08:21:35 -------- d-----w- C:\Program Files (x86)\GUM959A.tmp
                            2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
                            2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
                            2014-05-07 05:39:53 -------- d-----w- C:\Users\hodi\AppData\Local\{964CCEAD-227E-41E5-878A-6C4DACCCFEB5}
                            2014-05-06 09:33:17 -------- d-----w- C:\Users\hodi\AppData\Local\{5D20FD13-0FB6-4FFB-A592-D0A6CF26A3BF}
                            2014-05-04 10:21:30 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
                            2014-05-04 10:21:30 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
                            2014-05-04 10:21:30 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
                            2014-05-04 09:37:35 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
                            2014-05-04 09:32:17 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
                            2014-05-04 08:19:25 -------- d-----w- C:\Users\hodi\AppData\Local\{DBF6D357-562A-4471-AB51-7B6DE921BFBE}
                            2014-04-27 09:41:34 -------- d-----w- C:\Users\hodi\AppData\Local\{DE7E27BB-8AC4-4939-9B1F-81C4202AFE88}
                            2014-04-25 13:41:11 -------- d-----w- C:\Users\hodi\AppData\Local\{1F98663C-E1A3-4842-A382-426B146A1743}
                            2014-04-20 05:04:45 -------- d-----w- C:\Users\hodi\AppData\Local\{B4AB1B68-3516-4868-B406-15AE0C914FA7}
                            2014-04-17 21:31:59 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                            2014-04-16 20:42:42 -------- d-----w- C:\Users\hodi\AppData\Local\{C5DA57F6-CA01-4DC1-AECE-03649E28247E}
                            2014-04-16 05:28:23 -------- d-----w- C:\Users\hodi\AppData\Local\{3FDDFD04-908A-4E9A-8C30-B5E70051150A}
                            .
                            ==================== Find3M ====================
                            .
                            2014-05-04 09:14:36 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                            2014-05-04 09:14:36 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                            2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
                            2014-03-13 06:33:30 2238976 ----a-w- C:\Windows\System32\wininet.dll
                            2014-03-13 06:32:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
                            2014-03-13 06:31:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
                            2014-03-13 06:31:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
                            2014-03-13 05:10:47 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
                            2014-03-13 05:09:43 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
                            2014-03-13 05:09:39 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
                            2014-03-13 05:09:39 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
                            2014-03-13 03:59:47 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
                            2014-03-13 03:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
                            2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                            2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                            2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                            2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                            2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
                            2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
                            2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                            2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                            2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                            2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                            .
                            ============= FINISH: 18:13:26,52 ===============

                            • #15
                              Apparently there was an error on your HD; this has now been fixed.


                              Show your hidden files and folders.

                              Go to Virus Total and upload the following file:

                              c:\program files (x86)\GUTE5CD.tmp

                              Click Send and wait until the results appear.
                              If the file has already been scanned, have it reanalysed (click Re Analyse).

                              From the report, copy the following:

                              [screenshot]

                              Also post the link to that report.
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee * Ccleaner * E-Peek
